Configure Okta SAML SSO
To set up Okta SAML SSO in DronaHQ, you will need:
- An Okta account with permissions to create a SAML integration application.
- Manage Users access on a self-hosted DronaHQ instance or on DronaHQ Cloud to configure SSO.
Configure in OKTA
- Navigate to the Okta dashboard and go to the Admin section. From the left side menu, go to Applications -> Applications.
- Download and open the DronaHQ metadata file. To locate this file, go to DronaHQ -> Manage Users -> SSO CONFIGURATION -> + Add SSO -> SAML 2.0. Under Entity ID and Metadata URL, open this URL; the file it returns is needed in the next steps.
- Click Create App Integration and configure the app with the field options below:

| Field | Value |
|---|---|
| Sign-on method | SAML 2.0 |
| App Integration Name | Give a suitable name to your application. Eg - |
| Logo | (optional) You can provide a logo for your app. |
| Single sign-on URL | The location where the SAML assertion is sent with an |
| Audience URL | Fill this with the entity ID present in the same downloaded metadata file. Copy and paste it exactly. Ex - https://studio.dronahq.com/saml/metadata |
| Attribute Statements | This is the important part: provide two attributes, name and email, with the values user.firstname and user.email respectively. You can add other user attributes such as location, department, etc., which you can map in DronaHQ in the next steps. |
- Click Next. Fill in the feedback form and then
- Here we can add all the people in the organization who should use this SAML SSO configuration. Go to Assignments -> Assign -> Assign to people -> click Assign for the user -> Done.
Now that the application has been created on Okta for SAML, configure SAML SSO on DronaHQ.
Configure in DronaHQ
To configure SAML in DronaHQ, we need the metadata file from Okta. To get it, open the Okta SAML integration and, under Sign On, find SAML Signing Certificates. Here you can see all available active and inactive certificates, along with the option to create a new one.
- Choose Actions -> View IdP Metadata on an active certificate; it opens a tab with the metadata details.
- On the same screen, click Actions -> Download certificate; it downloads a .cer file that you can keep for later use.
Note that DronaHQ only trusts the certificate you paste into it: if the active Okta signing certificate is later rotated, the certificate stored in the DronaHQ SSO configuration must be updated to match, otherwise signature verification of the SAML assertions fails and logins stop working.
- Now that we have the metadata file, in DronaHQ go to Manage Users -> SSO Configuration -> + ADD SSO -> SAML 2.0 and fill in the form with the fields below:

| Field | Value |
|---|---|
| Name | Provide a friendly name for this SSO configuration. |
| Entity ID | The entity ID is present in the Okta metadata file. Copy the ID and paste it. |
| Login URL / SSO URL | Enter the details of the location of |
| X509 public certificate | X509Certificate file in |
| Binding type | Enter |
| Restricted Domain | Enter the domain name for which you want your users to log in with this SSO configuration. You can add multiple domain names as well. eg - |
| Want Auth request signed | Keep this default setting as |
| Add Claim List | We have already assigned Email and Name on Okta while integrating SAML. We will now enter the same key names - |
| Enable JIT user provisioning | Toggle this |
| Enable SCIM User Provisioning | Enable this if you want to create, update and deactivate user accounts in your Okta portal and sync them with DronaHQ user management. |
- Save the draft, then navigate back to the SSO Configuration option. You will see the newly created SAML configuration.
- Click the Test SSO button; it opens the SSO login URL in a popup window.
- Once you log in successfully, and if everything is set up correctly, you will see a success message at the bottom.
- Now that testing is successful, click the more option on the SSO configuration above and click Activate to make it live.
OKTA SAML in Action
Go to the DronaHQ end-user web app and enter your email ID with a domain that matches the restricted domain specified in the SSO configuration, then click
Instead of asking for a password, it offers Login via Okta SAML SSO provider. Click it; a popup window of Okta opens and the user can log in with their Okta credentials.
Now open the Manage Users section on DronaHQ and you will see the new user that was created, since JIT was enabled.